UML ("User Mode Linux") allows you to run multiple Linux servers on one physical machine. This can be handy for many different purposes. For example, you might want to give different people root rights, but prevent them from interfering with one another. Or, you might want to have several identically configured servers, one for production, one for development, and one for testing, but without investing in multiple physical machines.
Once you have prepared your machine for running UML instances as described in the following section, adding new instances will take less than five minutes. The preparation, however, might take a bit longer.
This HOWTO is based on an article in the German computer magazine c't 12/04, page 156 ("Linux: Sicherer Spiele-Server mit User Mode Linux" by Dirk Hartmann).
You need a kernel with UML, LVM2 and reiserfs support.
If you want to compile a kernel yourself, proceed like this:
1. Download the kernel (e.g. from http://packages.debian.org/testing/devel/kernel-source-2.6.8 or through apt-get install kernel-source-2.6.X)
2. Untar the kernel (in /usr/src) with
$ tar xjf kernel-source-2.6.8.tar.bz2
3. Download the skas patch (either from (http://packages.debian.org/testing/devel/kernel-patch-skas or directly from www.user-mode-linux.org/~blaisorblade/patches/skas3-2.6/).
4. Configure your kernel with
Make sure that you select:
5. If you downloaded the skas patch directly from blaisorblade's website, patch your kernel with
$cat pathToPatch/host-skas3-184.108.40.206-v6.patch| patch -p1
in the kernel-source directory.
Otherwise prepend a PATCH_THE_KERNEL=YES to the second make-kpkg line
$ make-kpkg clean
$ make-kpkg --appent-to-version=MyUML+SKAS.1.0 kernel-image
If you don't want to compile a kernel for yourself, here is a precompiled patched 2.6.8 vanilla kernel. There is a lot of stuff in it that is not neccessairy on a server, though.
Here is my compiled kernel: linux
For real men and women who compile kernels themselves:
1. Do not take any debian kernel, but download the plain kernel from kernel.org as Mr. Hartmann advises (www.kernel.org/pub/linux/kernel/v2.6/linux-220.127.116.11.tar.bz2) and the UML patch (uml-pub.ists.dartmouth.edu/uml/uml-patch-18.104.22.168-1.bz2).
(Tip: download with wget -c URL. If download is aborted you can continue the download with same command.)
2. Untar the kernel:
$ tar xjf linux-22.214.171.124.tar.bz2
$ cd linux-126.96.36.199
$ bzcat <pathToPatch>/uml-patch-188.8.131.52-1.bz2 | patch -p1
3. Now you can configure your kernel with
$ make ARCH=um menuconfig
$ make ARCH=um xconfig
4. You should activate seperate kernel adress space, Management console, and Sysrq support.
You can deactivate Threacing thread support, /proc/mm, and support for a.out and MISC (everything in General setup).
Check that reiserfs is set.
You don't need LVM support here unless you want to mount additional partitions inside your UML.
(Here is my .config file).
5. Compile the kernel using
$ make linux ARCH=um
and strip the produced binary (linux) with:
$ strip linux
After installing the host kernel on your destination box, you need the following packages on it as well: lvm2 reiserfsprogs debootstrap, bridge-utils, screen and uml-utilities:
$ apt-get install lvm2 reiserfsprogs debootstrap bridge-utils screen uml-utilities
You need to have a free partition /dev/hdaX which you can use for LVM. (Other disks are also ok.) If you don't have any partition left look here how to shrink your root partition.
Add a volume group on your box using pvcreate and vgcreate:
$ pvcreate /dev/hdaX
$ vgcreate vg1 /dev/hdaX
You need to give the tun device to the group uml-net:
$ chgrp uml-net /dev/net/tun
$ chmod g+w /dev/net/tun
In order to communicate with the UML-children, you need to modify
I added the following lines:
# for UML
iface br0 inet static
pre-up brctl addbr br0
post-down brctl delbr br0
I chose the network for the uml clients to be 192.168.3.XXX and I let the root server have the IP address 192.168.3.1. You can change this if you want. You must then change the constants IP_FIRST_3_NR, IP_GATEWAY_LAST_NR in the scripts create_uml_instance.sh and uml-child.sh.
Make sure you have "ip_forward=yes" in /etc/network/options. Otherwise you won't be able to access the uml instance from outside this machine.
After changing the networking configuration you need to restart networking:
$ /etc/init.d/networking restart
Then you need to place the uml binary (linux) and the create_uml_instance.sh and to /opt/uml/bin (if you want it someplace else change KERNEL in uml-child.sh. Finally, you need to put the uml-child.sh in /etc/init.d
All three files need to have execution bit (chmod a+x filename).
$ /opt/uml/bin/create_uml_instance.sh test1 11 256M 4G
You will have to answer a few questions (just press the default) and type in the root password. This will create a new uml child with name test1, IP address 192.168.3.11, max. 256MB RAM and 4 GB disk space. The script creates a user with that name which is used to start the guest linux. Therefore use only small letters for the name, otherwise creating the user will fail.
To start it, simply type:
You can ssh from outside to this instance on port 10000 + 1000 * 11 + 22 = 21022 (e.g. with ssh -p 21022 root@yourMachine). Since the IP number gets multiplied by 1000, you should not use IP numbers bigger than 55 unless you change PORTS_PER_UML in uml-child.sh.
You probably want to have more than the bare base system. I installed additional packages using dselect and stored the list of installed packages using:
$ dpkg --get-selections > myconf
To reproduce the installation, you only need to execute
$ dpkg --set-selections < myconf
$ apt-get -u dselect-upgrade
to have your packages back. This way you need to backup only files you or your programs modified. This is usually the files in /etc you changed, all files below /var and maybe /home.
You can do all of this without starting the uml instance. Just mount the
partition and do a chroot on it.
If you always want to run an instance with low priority (e.g. a test instance), you can insert --nice as first parameter in create_iml_instance.sh:
$ create_uml_instance.sh --nice test1 11 256M 4G
This only makes the uml-instance nice, not the creation of it. If you want this too, type:
$ nice create_uml_instance.sh --nice test1 11 256M 4G
One word of caution about TLS:
The guest linux will hang if Thread Local Storage (TLS) is enabled. Therefore the script create_uml_instance.sh will deactivate TLS by renaming /lib/tls to /lib/tls.bak. But if you install a new version of glibc on your guest instance, it will reappear. So if the guest linux won't boot after you updated some packages mount your lvm volume and rename it again e.g.:
$ mount /dev/vg1/testb /mnt/
$ mv /mnt/lib/tls /mnt/lib/tls.bak2
$ umount /mnt/
More information on possible problems can be found at uml.harlowhill.com/index.php/Troubleshooting.
$ /etc/init.d/uml-test1 backup
This will give you a new logical volume /dev/vg1/test1-backup.
You can mount the newly created logical volume test1-backup and do a backup now on this snapshot. When you are done with your backup, just delete the logical volume with lvremove.
The uml guest is halted only for taking the snapshot. This could be done in a second if LVM2-snapshotting would be stable in 2.6 Kernels. Unfortunately it crashed on my machine and left a process which I could not kill. The machine didn't reboot cleanly either. So I removed the lvm snapshot from my script and replaced it by a normal copy of the full volume. This takes minutes.
If you like to experiment you can edit uml-child.sh and remove the # form the line:
#lvcreate -L $DISKSPACE -s -n $UMLUSER-backup /dev/$VOLUMEGROUP/$UMLUSER || echo backup of /dev/$VOLUMEGROUP/$UMLUSER failed
and insert a # in front of the next.
I found two messages on linux-kernel about this problem, the second one from February 2005:
Three things need to be done:
The script delete_uml_instance.sh does this for you.
All files mentioned above can be found here:
This document is free; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
This document is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You can get a copy of the GNU GPL at at
--- Fight spam with alias addresses from safersignup.com! ---